Method and system for selecting a password encrypted with a correct software version

ABSTRACT

Method and system for selecting a password encrypted with a correct software version in a telecommunication system. The system of the invention comprises a source system (LE1), a target system (LE2), an operation and maintenance network (OM) established between the source and the target systems, and an operation and maintenance center (OMC) connected to the operation and maintenance network (OM). In the method, log-on in the source system (LE1) is accomplished by supplying a user identification and a password corresponding to it. Further, a remote session connection is set up via the operation and maintenance center (OMC) to the target system (LE2). According to the invention, the password encryption software versions in the target system (LE2) and in the source system (LE1) are compared with each other; and, if the password encryption software versions in the source and target systems differ from each other, the password belonging to the user identification in question which is associated with an earlier password encryption software version is sent to the target system (LE2).

CROSS REFERENCE TO RELATED APPLICATIONS

This is a Continuation of application Ser. No. 09/976,352 filed Oct. 11, 2001, which in turn is a Continuation Application of International Application No. PCT/FI00/00252, filed Mar. 27, 2000, and claims priority from Finland Application No. 990805 filed Apr. 13, 1999. The disclosure of the prior application(s) is hereby incorporated by reference herein in its entirety.

FIELD OF THE INVENTION

The present invention relates to telecommunication systems. In particular, the invention relates to a new type of method and system for selecting a password encrypted with the right software version in a telephone exchange system.

BACKGROUND OF THE INVENTION

A telephone network generally consists of a plurality of separate telephone exchanges connected to each other via transmission lines. The telephone network is managed and maintained via an operation and maintenance network (O&M-network), which can be implemented e.g. on the basis of the services of an X.25 packet network. The operation and maintenance network is created by connecting to it the telephone exchanges and other network components to be controlled. The other network components to be controlled include e.g. the transcoder (TC), base transceiver station (BTS) and base station controller (BSC). The functions for operating the telephone network are mainly concentrated in control rooms and in network elements centralizing operation and maintenance functions. An example of centralizing network elements like this is the DX 200 OMC manufactured by Nokia.

From centralizing telephone network elements, it is possible to set up remote session connections to other telephone exchanges or telephone switching systems. When a remote session is established, the source system, i.e. e.g. a centralizing network element, sends user identification data, a user identification code and a password, to the target system. The target system is e.g. a telephone switching system.

In the DX 200 telephone switching system and in the user interface (Man Machine Interface, MMI) of the operation and maintenance network, the user's authority and rights are determined on the basis of the user identification (user ID). The MMI system is a certain aggregate of peripherals and software which can be used to execute operation and maintenance functions. For each user ID, an individual password has been defined for the verification of authenticity of the user. To minimize the data security risks, it is necessary to change the password frequently enough to ensure that a person not authorized to use a user ID will not be able to utilize a user ID not belonging to him/her.

In the above-mentioned system, the problem is that different network elements may have different versions of password encryption software. At present, user identification on a remote connection is so implemented that, if the software versions in the source system and in the remote system differ from each other, the user must enter the required password again when the remote session is started.

The object of the present invention is to eliminate the drawbacks referred to above or at least to significantly alleviate them.

A specific object of the invention is to disclose a new type of method and system which will obviate the need for re-input of a password, thus improving the convenience of use from the user's point of view.

As for the features characteristic of the present invention, reference is made to the claims.

SUBJECT OF THE INVENTION

The method of the invention concerns the selection of the manner of transmission of a password in a telecommunication network. The telecommunication system of the invention preferably comprises a source system, a target system, an operation and maintenance network established between the source and target systems and an operation and maintenance center connected to the operation and maintenance network. The source and target systems are e.g. telephone switching systems. In the method, log-on in the source system is accomplished by giving a user identification and a valid password corresponding to it. After the user ID has been entered, a remote session connection is set up via the operation and maintenance center to the target system. According to the invention, a check is carried out to establish whether the target system is using a different version of password encryption software than the source system. This check can be performed by both the source system and the target system.

In the source and/or target system, passwords associated with different versions of password encryption software have been stored. If the password encryption software version in the target system is an earlier version than that of the source system, then the password associated with the password encryption software version used in the target system is sent to the target system. Correspondingly, if the password encryption software version of the target system is newer, then the password associated with the password encryption software version in the source system is sent to it.

The system of the invention comprises means for comparing the password encryption software versions of the source and target systems with each other and means for sending to the target system a password consistent with an earlier software version, associated with the user ID in question.

In an embodiment of the invention, the system comprises means for storing in a certain predetermined space the passwords belonging to user identification codes, associated with different versions of password encryption software of the source and/or target system.

As compared with prior art, the present invention provides the advantage of making it unnecessary for the user to input the password again when establishing a remote connection to a target system. The password encryption software versions in the target and source systems are compared with each other and, based on this, the right password is selected.

LIST OF ILLUSTRATIONS

In the following, the invention will be described in detail by the aid of some of its embodiments with reference to the drawings, wherein

FIG. 1 presents a preferred system according to the invention, and

FIG. 2 presents an example of a flow diagram representing the establishment of a remote connection.

DETAILED DESCRIPTION OF THE INVENTION

The system presented in FIG. 1 comprises a source system LE1, a target system LE2, an operation and maintenance network OM established between the source and target systems (LE1, LE2) and an operation and maintenance center OMC connected to the operation and maintenance network OM. The source and target systems are preferably telephone switching systems. The telephone switching system is e.g. a DX 200 switching center manufactured by the applicant, and the operation and maintenance center OMC is e.g. a DX 200 OMC. In addition, the system comprises means 1 for comparing the password encryption software versions in the target system LE2 with each other and means 2 for sending to the target system LE2 the password consistent with an earlier software version, associated with the user identification in question. Moreover, the system comprises means 3 for storing the passwords belonging to user identification codes and associated with different versions of password encryption software of the source and/or target system (LE1, LE2) into a certain predetermined space.

FIG. 2 is a flow diagram representing an example of the establishment of a remote connection according to the invention. The user of the system wants to establish a remote connection to a target system he has selected, block 20. The user is e.g. an operator who is observing the operation of the system. The user logs on in the source system by supplying his user identification and the password corresponding to it, block 21. Each user identification is associated with closely defined rights assigned in advance. In other words, the user can only access functions agreed beforehand.

Further, a remote session connection to the desired target system is set up via the operation and maintenance center, block 22. Nontransparently to the user, the password encryption software versions in the source and target systems are compared with each other, block 23. This may result in one of three different situations, on the basis of which the right password to be sent to the target system is selected, block 24. In relation to the password encryption software version in the source system, the software version in the target system is the same, or later, or earlier.

In the first case, the password is sent in the normal manner to the target system.

In the second case, before the comparison of the passwords, the target system must be informed that the source system has an older software version, because otherwise the target system would consider the password incorrect and close the connection setup procedure. In the present case, the target system is aware of the variations in passwords associated with different software versions. Thus, the target system is able to compare the received password with the right password.

In the third case, the password encryption software version in the target system is older than that in the source system. In this case, before sending the password, the source system must find out which software version is in use in the target system. Having received this information, the source system can send the right password to the target system.
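The selection in blocks 23 and 24 and the three cases above can be sketched as follows. This is an added example, not code from the patent or from the DX 200 system; the function names, the PBKDF2 stand-ins for the versioned encryption routines and the refusal when no stored form exists are assumptions of this example.

```python
import hashlib
import hmac

# Constructed stand-ins for "password encryption software versions"; the page
# does not name the real routines. Each version derives a different value.
def encrypt_password(version, user, password):
    rounds = {1: 1000, 2: 2000, 3: 3000}[version]  # KeyError for unknown version
    salt = f"v{version}:{user}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()

def build_store(user, password, versions):
    """Means 3 on the page: one stored password form per encryption version."""
    return {(user, v): encrypt_password(v, user, password) for v in versions}

def select_password(store, user, source_ver, target_ver):
    """Blocks 23-24: compare the versions and pick the form of the earlier one."""
    chosen = min(source_ver, target_ver)  # same -> normal; differ -> earlier
    try:
        return chosen, store[(user, chosen)]
    except KeyError:
        # Assumption of this example: refuse rather than send a different form.
        raise LookupError(f"no stored password for {user!r} at version {chosen}")

def target_verify(target_store, user, announced_ver, received):
    """Target side (second case): compare against the form for the announced version."""
    expected = target_store.get((user, announced_ver))
    return expected is not None and hmac.compare_digest(expected, received)

def remote_logon(src_store, tgt_store, user, source_ver, target_ver):
    """Return (version used, whether the target accepted the password)."""
    ver, form = select_password(src_store, user, source_ver, target_ver)
    return ver, target_verify(tgt_store, user, ver, form)

if __name__ == "__main__":
    # Constructed sample data: LE1 runs version 3, LE2 runs version 2.
    le1 = build_store("operator1", "constructed-secret", [1, 2, 3])
    le2 = build_store("operator1", "constructed-secret", [1, 2])
    print(remote_logon(le1, le2, "operator1", 3, 2))
```

The target accepts the password only because it is told which version the received form belongs to, which is the point the second case makes about informing the target system before the comparison.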

The invention is not restricted to the examples of its embodiments described above, but many variations are possible within the scope of the inventive idea defined in the claims.

1. An operation and maintenance center connected to a source telecommunication system and to a target telecommunication system via an operation and maintenance network, wherein the operation and maintenance center is configured to receive a remote session connection request to the target telecommunication system from the source telecommunication system, the operation and maintenance center comprising: means (1) for comparing password encryption software versions in the target telecommunication system and in the source telecommunication system with each other; and means (2) for sending a password associated with the user identification in question and consistent with an earlier password encryption software version to the target telecommunication system when the password encryption software versions in the source and target telecommunication systems differ from each other.

2. Operation and maintenance center as defined in claim 1, further comprising means (3) for storing in a certain predetermined space the passwords associated with different versions of password encryption software of the source and/or target telecommunication system and belonging to user identification codes.